WS 2000 Wireless Switch System Reference Guide3-10
• Destination IP—The Destination IP range determines the target address(es) for the firewall rule. To configure the
Destination IP range, click the field and a new window will pop up to enter the IP address and range. An IP address of
0.0.0.0 indicates all IP addresses.
• Transport—To determine the transport protocol to be filtered in the firewall rule, click the field to choose from the list
of protocols:
• Src. Ports (Source Ports)—The source port range determines which ports the firewall rule applies to on the source
IP address. To configure the source port range, click the field and a new window will pop up to enter the starting and
ending ports in the range. For rules where only a single port is necessary, enter the same port in the start and end port
fields.
• Dst. Ports (Destination Ports)—The destination port range determines which ports the firewall rule applies to on the
destination IP address. To configure the destination port range, click the field and a new window will pop up to enter
the starting and ending ports in the range. For rules where only a single port is necessary, enter the same port in the
start and end port fields.
Transport Description
ALL
This selection designates all of the protocols displayed in the table’s pull-down menu, as described
below.
TCP
Transmission Control Protocol (TCP) is a set of rules used with Internet Protocol (IP) to send data
as message units over the Internet. While IP handles the actual delivery of data, TCP keeps track
of individual units of data called packets. Messages are divided into packets for efficient routing
through the Internet.
UDP
User Datagram Protocol (UDP) is mostly used for broadcasting data over the Internet. Like TCP, UDP
runs on top of Internet Protocol (IP) networks. Unlike TCP/IP, UDP/IP provides very few error
recovery services and methods. UDP offers a way to directly connect, and then send and receive
datagrams over an IP network.
ICMP
Internet Control Message Protocol (ICMP) is tightly integrated with IP. ICMP messages, delivered
in IP packets, are used for out-of-band messages related to network operation. Because ICMP uses
IP, ICMP packet delivery is unreliable. Hosts cannot count on receiving ICMP packets for a network
problem.
AH
Authentication Header (AH) is one of the two key components of IP Security Protocol (IPSec). The
other key component is Encapsulating Security Protocol (ESP), described below.
AH provides authentication, proving the packet sender really is the sender, and the data really is
the data sent. AH can be used in transport mode, providing security between two end points. Also,
AH can be used in tunnel mode, providing security like that of a Virtual Private Network (VPN).
ESP
Encapsulating Security Protocol (ESP) is one of the two key components of IP Security Protocol
(IPSec). The other key component is Authentication Header (AH), described above.
ESP encrypts the payload of packets, and also provides authentication services. ESP can be used
in transport mode, providing security between two end points. Also, ESP can be used in tunnel
mode, providing security like that of a Virtual Private Network (VPN).
GRE
General Routing Encapsulation (GRE) supports VPNs across the Internet. GRE is a mechanism for
encapsulating network layer protocols over any other network layer protocol. Such encapsulation
allows routing of IP packets between private IP networks across an Internet that uses globally
assigned IP addresses.